From: Alexandre Oliva
To: gcc-patches@gcc.gnu.org
Subject: [18/18] hash table: enforce testing is_empty before is_deleted
Organization: Free thinker, does not speak for AdaCore
Date: Thu, 12 Jan 2023 03:46:23 -0300

Existing hash_table traits that use the same representation for empty
and deleted slots reject marking slots as deleted, and do not pass
is_deleted for slots that pass is_empty.

Nevertheless, nearly everywhere, we only test for is_deleted after
checking that !is_empty first. The one exception was the copy
constructor, that would fail if traits recognized is_empty slots as
is_deleted, but then refused to mark_deleted.

This asymmetry is neither necessary nor desirable, and there is a
theoretical risk that traits might not only fail to refuse to
mark_deleted, but also return is_deleted for is_empty slots.

This patch introduces checks that detect these potentially problematic
situations, and reorders the tests in the copy constructor so as to
use the conventional testing order and thus avoid them.

Regstrapped on x86_64-linux-gnu. Ok to install?

for gcc/ChangeLog

	* hash-table.h (is_deleted): Precheck !is_empty.
	(mark_deleted): Postcheck !is_empty.
	(copy constructor): Test is_empty before is_deleted.
---
 gcc/hash-table.h | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/gcc/hash-table.h b/gcc/hash-table.h
index 1d3166504c38e..e37625dc315bf 100644
--- a/gcc/hash-table.h
+++ b/gcc/hash-table.h
@@ -534,6 +534,11 @@ private: void expand (); static bool is_deleted (value_type &v) { + /* Traits are supposed to avoid recognizing elements as both empty + and deleted, but to fail safe in case custom traits fail to do + that, make sure we never test for is_deleted without having + first ruled out is_empty. */ + gcc_checking_assert (!Descriptor::is_empty (v)); return Descriptor::is_deleted (v); } @@ -545,6 +550,11 @@ private: static void mark_deleted (value_type &v) { Descriptor::mark_deleted (v); + /* Traits are supposed to refuse to set elements as deleted if + those would be indistinguishable from empty, but to fail safe + in case custom traits fail to do that, check that the + just-deleted element does not look empty. */ + gcc_checking_assert (!Descriptor::is_empty (v)); } static void mark_empty (value_type &v) @@ -700,9 +710,11 @@ hash_table::hash_table (const hash_table &h, for (size_t i = 0; i < size; ++i) { value_type &entry = h.m_entries[i]; - if (is_deleted (entry)) + if (is_empty (entry)) + continue; + else if (is_deleted (entry)) mark_deleted (nentries[i]); - else if (!is_empty (entry)) + else new ((void*) (nentries + i)) value_type (entry); } m_entries = nentries; -- Alexandre Oliva, happy hacker https://FSFLA.org/blogs/lxo/ Free Software Activist GNU Toolchain Engineer Disinformation flourishes because many people care deeply about injustice but very few check the facts. Ask me about
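Review bot: In the is_deleted hunk (@@ -534), the new comment promises to "fail safe", but gcc_checking_assert is only evaluated in checking-enabled builds, so a release build still returns whatever Descriptor::is_deleted reports for a slot that also passes is_empty. Either reword the comment to say this is a checking-only diagnostic, or, if the fail-safe behaviour is wanted in every build, have is_deleted return false when Descriptor::is_empty (v) holds.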
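Review bot: In the mark_deleted hunk (@@ -545), the post-check covers only half of the postcondition: it asserts !Descriptor::is_empty (v) but not that the slot now reads as deleted. Consider also asserting Descriptor::is_deleted (v) after the call, so that a trait whose mark_deleted silently does nothing on a live entry is caught as well, and say in the comment that the check runs after the slot has already been overwritten.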
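Review bot: In the copy-constructor hunk (@@ -700), the "else" in "else if (is_deleted (entry))" directly follows a "continue" and is redundant; either drop it or keep a plain if / else if / else chain without the "continue". Since the commit message identifies this loop as the one place that tested is_deleted first, a one-line comment on the loop stating that is_empty must be ruled out before is_deleted would help keep later edits from restoring the old order.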